Fake “Statement Account” Emails Apparently from Sky.com Carry Malware


Malicious email

In case you stumble upon what appears to be an account statement in your inbox, act with caution. It could be an email sent out by cybercriminals to distribute a piece of malware.

Both ThreatTrack Security and Dynamoo’s Blog have analyzed the spam run. The email address of the sender is spoofed to make it look like the message is coming from statement@sky.com.

The notifications, which have nothing to do with Sky, read something like this:

“Afternoon,

Please find attached the statement of account. We look forward to receiving payment for the December invoice as this is now due for payment.

Regards,
Dale”

The variant analyzed by Dynamoo’s Blog is pretty much the same, but it’s signed by “Carmela.”

The file attached to the fake notifications is not an invoice, but an archive that hides a .scr file. Currently, this piece of malware is detected by only 9 of the antivirus engines on Virus Total.

These emails first started making the rounds in late October 2013. A second wave was spotted at the beginning of December 2013. The last time these emails were landing in inboxes was January 2014.

Each time, the month and the name of the individual who signed the email are changed, but the rest of the bogus notification is usually the same.

If you come across such emails in your inbox, delete them immediately. If you’ve already executed the file in the attachment, scan your computer with an updated antivirus. Perform regular scans to ensure that no threats go undetected.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s